When you start Replication Server with the Kerberos security mechanism enabled,
Replication Server first uses the principal name specified with the
-k rs_principal_name option for Kerberos authentication. If the
-k rs_principal_name option is not specified, Replication
Server looks for the principal name set in the SYBASE_RS_PRINCIPAL environment
variable. If neither is specified, Replication Server uses the server name for
authentication.
In this example, the Replication Server name is "secure_rs" and the realm name is
"MYREALM.COM". The Replication Server name is specified on the command line with
the -s parameter to the dataserver.
The current realm is specified by the secbase attribute value in the libtcl.cfg
configuration file on a 32-bit machine, or in the libtcl64.cfg
configuration file on a 64-bit machine:
[SECURITY]
csfkrb5=libsybskrb.so secbase=@MYREALM.COM libgss=/krb5/lib/libgss.so
To override the default Replication Server principal name:
- Option 1 – set the -k rs_principal_name option in the repserver program.
For example:
{repserver | repsrvr} [-C config_file] [-i id_server]
[-S secure_rs] [-I interfaces_file]
[-E errorlog_file] [-M] [-v] [-K keytab_file] [-k rsprincipal]
[-upgr] [-A erssd_release_dir] [-purgeq]
[-nodb {all|dbid_1[,dbid_2[,dbid_3[,…]]]}]
[-e]
where:
- -s secure_rs@MYREALM.COM – is the default Replication Server principal name.
- -k rsprincipal@MYREALM.COM – is the Replication Server principal name.
See Replication Server Reference Manual > Executable Programs > repserver.
- Option 2 – set SYBASE_RS_PRINCIPAL before starting Replication Server:
setenv SYBASE_RS_PRINCIPAL rsprincipal@MYREALM.COM
The Replication Server principal name that gets authenticated with
Kerberos is "rsprincipal@MYREALM.COM", the value of the SYBASE_RS_PRINCIPAL
environment variable.
- Option 3 – if neither -k rs_principal_name nor the
SYBASE_RS_PRINCIPAL variable is set, Replication Server uses the
interfaces file.
The Replication Server principal name that is authenticated with Kerberos
is "secure_rs@MYREALM.COM".
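
The lookup order described above, written as a preflight check that reports which principal a given repserver command line would authenticate as and whether a keytab listing holds a key for it. This is an added example, not SAP code: the function names are hypothetical, the server name is read from -S as in the synopsis, and appending the secbase realm to a name without "@" is an assumption drawn from the page's examples.

```shell
#!/bin/sh
# Added example, not vendor code. Function names are hypothetical.

# Print the value that follows flag $1 in the remaining arguments, if any.
flag_value() {
    want=$1; shift
    while [ $# -ge 2 ]; do
        if [ "$1" = "$want" ]; then printf '%s\n' "$2"; return 0; fi
        shift
    done
}

# Realm taken from the secbase attribute of libtcl.cfg / libtcl64.cfg.
secbase_realm() {
    sed -n 's/.*secbase=@\([^[:space:]]*\).*/\1/p' "$1" | head -n 1
}

# effective_principal CFG_FILE [repserver arguments...]
effective_principal() {
    rs_cfg=$1; shift
    name=$(flag_value -k "$@")                       # 1. -k option
    [ -n "$name" ] || name=${SYBASE_RS_PRINCIPAL:-}  # 2. environment variable
    [ -n "$name" ] || name=$(flag_value -S "$@")     # 3. server name
    [ -n "$name" ] || return 1
    case $name in
        *@*) ;;                                      # realm given explicitly
        *)  realm=$(secbase_realm "$rs_cfg")         # assumption: secbase realm is appended
            [ -n "$realm" ] || return 1              # no default realm configured
            name="$name@$realm" ;;
    esac
    printf '%s\n' "$name"
}

# Succeeds if the `klist -k` listing on stdin contains principal $1.
keytab_has_principal() {
    awk -v p="$1" '$2 == p { found = 1 } END { exit !found }'
}

# Constructed sample input: the page's config line and a one-entry keytab listing.
DEMO_CFG=$(mktemp); trap 'rm -f "$DEMO_CFG"' EXIT
printf '%s\n' '[SECURITY]' \
    'csfkrb5=libsybskrb.so secbase=@MYREALM.COM libgss=/krb5/lib/libgss.so' > "$DEMO_CFG"
DEMO_KLIST='KVNO Principal
   1 rsprincipal@MYREALM.COM'
unset SYBASE_RS_PRINCIPAL
p=$(effective_principal "$DEMO_CFG" -S secure_rs -K /path/to/keytab)
echo "Kerberos principal: $p"
printf '%s\n' "$DEMO_KLIST" | keytab_has_principal "$p" ||
    echo "warning: $p has no key in the keytab"
```

With a real keytab, pipe the output of MIT Kerberos `klist -k keytab_file` into keytab_has_principal instead of the constructed listing. The sample run shows the mismatch that occurs when the keytab was created for rsprincipal but the server is started without -k or SYBASE_RS_PRINCIPAL.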